The Foundry tool has an ffi cheatcode which, per the Foundry docs, "is generally advised to be used as a last resort, and to not enable it by default, as anyone who can change the tests of a project will be able to execute arbitrary commands on devices that run the tests".
The project has ffi enabled by default and also runs tests that remove the lib folder from the TLD (top-level directory), create new folders, and so on. This is dangerous if tests were introduced by a malicious tester (anyone who can modify the test suite) to leak private keys, GitHub tokens or any other sensitive information from the project.
Attack scenario:
1. The tester adds ffi commands to the tests that copy the .env file under a different name.
2. The protocol is pushed to GitHub.
3. The sensitive information has now been leaked.
This can easily escalate from almost no impact to a critical issue (if private keys were leaked).
Tools used: Manual review, Foundry
Recommendation: add ffi = false to foundry.toml, and set ffi to true only when it is absolutely necessary to test some functionality.
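As an added example that is not part of the original finding, the following CI guard fails the build when any profile in foundry.toml enables the ffi cheatcode, so the recommended ffi = false cannot silently regress. It assumes the standard [profile.<name>] section layout of foundry.toml; the sample config in the block is constructed for the demonstration and is not the audited project's file.

```shell
# Added example (not the project's own code): gate CI on "ffi = false" in foundry.toml.
# Assumes the standard "[profile.<name>]" sections; the sample file below is constructed.

# ffi_enabled_profiles FILE
# Prints, one per line, the names of profiles that set "ffi = true".
ffi_enabled_profiles() {
    awk '
        BEGIN { profile = "<no-section>" }
        # "[profile.default]" -> remember which profile the following keys belong to
        /^[ \t]*\[profile\.[^]]+\]/ {
            sub(/^[ \t]*\[profile\./, ""); sub(/\].*$/, "")
            profile = $0; next
        }
        # any other section (e.g. [fmt]) ends the current profile
        /^[ \t]*\[/ { profile = "<no-section>"; next }
        # "ffi = true" with optional trailing comment
        /^[ \t]*ffi[ \t]*=[ \t]*true([ \t]|#|$)/ { print profile }
    ' "$1"
}

# check_foundry_toml FILE
# Returns 0 when no profile enables ffi (the recommended state), 1 otherwise,
# so it can be used directly as a CI step that fails the job.
check_foundry_toml() {
    enabled=$(ffi_enabled_profiles "$1")
    if [ -n "$enabled" ]; then
        printf 'foundry.toml enables ffi in profile(s): %s\n' \
            "$(printf '%s' "$enabled" | tr '\n' ' ')" >&2
        return 1
    fi
    return 0
}

# Demonstration on a constructed foundry.toml: weak setting first, then the corrected one.
demo_dir=$(mktemp -d)
cat > "$demo_dir/foundry.toml" <<'EOF'
[profile.default]
src = "src"
ffi = true          # weak: tests may run arbitrary commands on the host

[profile.ci]
ffi = false
EOF
check_foundry_toml "$demo_dir/foundry.toml" || echo "CI would fail here"
sed -i.bak 's/^ffi = true.*/ffi = false/' "$demo_dir/foundry.toml"
check_foundry_toml "$demo_dir/foundry.toml" && echo "ffi is disabled in every profile"
rm -rf "$demo_dir"
```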